Flawed AVG update cripples Windows XP PCs

Samantha Rose Hunt, 12th November 2008

Chicago (IL) - Over the weekend, some Windows XP PCs were crippled when a flawed signature update to AVG Technologies’ antivirus software accidentally deleted a critical system file, the company confirmed.

Messages posted on AVG’s support forums and its support site indicated that an update for the security software released late Saturday singled out the user32.dll file as a Trojan horse. As a result, the updated AVG software, including versions 8.0 and 7.5, placed the .dll file in quarantine, leaving the computer crippled.

If users in fact chose to “heal” or “quarantine” the file, their computers were damaged enough to prevent Windows from restarting. Instead, users saw a blue screen with the note that the system is not able to find winsrv, error c0000135.

In a recent FAQ on its support site, AVG confirmed the error. "In case you are not able to run your Windows XP operating system following the AVG 8.0 virus definition update, it may be caused by a false positive on a specific 'user32.dll' system file," the company stated. "The file was moved to the AVG Virus Vault and deleted. Therefore it is not possible to start Windows." Some individuals couldn’t get their computers to reboot, while others found that their PC wouldn’t stop rebooting.

On the AVG support site, there were instructions posted for affected users that involved running Windows XP’s Recovery Console, disabling some of the services of AVG, and then restoring the user32.dll file by copying it from the operating system’s install CD. If a user couldn’t find their installation disc, AVG offered a utility capable of correcting the problem.

The utility workaround, however, only worked for users of AVG Antivirus 8.0. A tool for version 7.5 is promised to be available “soon”.

An AVG technical support representative provided more detail on the little problem. "We can confirm that it was a false alarm," said AVG’s Zbynek Paulen. "We have immediately released a new virus update (270.9.0/1778) that removes the false positive detection on this file. Please update your AVG and check your files again."

AVG is also not the only security vendor to issue its users a damaging update. Last September, Trend Micro accidentally confused a few critical Vista and Windows XP system files for malware, resulting in PCs that refused to boot.